Meta’s employee mouse-click tracking tool is collecting EU data it said it would not collect

Internal documents show the Model Capability Initiative captures emails and chats US employees exchange with European colleagues, putting the AI-agent training programme on a collision course with GDPR.

Meta’s Model Capability Initiative, the surveillance programme it deployed across US employee workstations in April to capture keystrokes, mouse clicks and screen contents for AI-agent training, is collecting substantially more European employee data than Meta has publicly acknowledged, according to a Reuters exclusive on Thursday citing internal Meta documents.

Privacy lawyers at the Vienna-based NOYB argue the architecture as documented puts Meta on a collision course with the GDPR.

The structural problem is one of scope. Meta has consistently told staff, regulators and the public that MCI runs only on US-based work machines and does not surveil European employees.

The 💜 of EU techThe latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!The Irish Data Protection Commission, Meta’s lead EU privacy supervisor under GDPR, was told the same. The internal documents Reuters reviewed show, however, that MCI captures the contents of any email or message a US-based Meta employee sends or receives, regardless of where the other party is located.